How can I completely disable logging from HttpLimitConnModule and HttpLimitReqModule?
At least I want to limit the damage done by extensive logging in case of a DoS attack. I still want some error logging, but not when the request is denied.
Such messages:
2013/07/12 20:20:10 [error] 31544#0: *78 limiting requests, excess: 0.519 by zone "limit", client: *.*.*.*, server: example.com, request: "GET /static.html HTTP/1.1", host: "example.com", referrer: ""
One solution is to enable error_log just where it is needed.
server {
    error_log /dev/null crit;
    location ~\.php$ {
        error_log /var/log/nginx_error.log;
    }
}
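An added example, not part of the original answer: the request- and connection-limiting modules have their own log-level directives, so rejections can be logged below the error_log threshold while other errors are still recorded. The zone name limit comes from the log line above; the perip zone, the rates and the limits are assumptions.

```nginx
http {
    # Zone "limit" matches the log line in the question; size and rate are assumed.
    limit_req_zone  $binary_remote_addr zone=limit:10m rate=5r/s;
    # Hypothetical connection-limit zone, for the limit_conn half of the question.
    limit_conn_zone $binary_remote_addr zone=perip:10m;

    # Keep real errors; anything logged below "error" is dropped.
    error_log /var/log/nginx_error.log error;

    server {
        listen 80;
        server_name example.com;

        location / {
            limit_req  zone=limit burst=10;
            limit_conn perip 20;

            # Both directives default to "error", which is why rejected
            # requests appear as [error] lines. Logged at "info", they fall
            # below the error_log threshold and are never written.
            limit_req_log_level  info;
            limit_conn_log_level info;
        }
    }
}
```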
Related
I've been trying to figure this out for days now.
When I attempt to upload a file to my webserver written in java, about 2.5MB of the file uploads and then it just freezes. Nginx appears to be the culprit because when I upload the file to the webserver directly to the port 1234 using my vps's direct ip instead of the domain the full file uploads perfectly fine.
I am using a program also written in java to upload the file to the webserver and I am getting the error on that:
Exception in thread "main" java.io.IOException: Premature EOF
    at sun.net.www.http.ChunkedInputStream.readAheadBlocking(ChunkedInputStream.java:565)
    at sun.net.www.http.ChunkedInputStream.readAhead(ChunkedInputStream.java:609)
    at sun.net.www.http.ChunkedInputStream.read(ChunkedInputStream.java:696)
    at java.io.FilterInputStream.read(FilterInputStream.java:133)
    at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.read(HttpURLConnection.java:3456)
    at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.read(HttpURLConnection.java:3449)
    at java.nio.file.Files.copy(Files.java:2908)
    at java.nio.file.Files.copy(Files.java:3027)
    at me.hellin.Main.uploadFile(Main.java:28)
    at me.hellin.Main.main(Main.java:23)
This is my nginx config for it:
server {
    listen 80;
    server_name *redacted*;
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_send_timeout 300;
    location / {
        client_max_body_size 100M;
        proxy_pass http://localhost:1234;
    }
}
server {
    client_max_body_size 100M;
    client_body_timeout 120s;
    client_body_temp_path /tmp;
}
This is what I see in nginx error.log:
2022/05/03 14:14:41 [error] 2085134#2085134: *326930 connect() to [::1]:1234 failed (101: Network is unreachable) while connecting to upstream, client: *redacted*, server: *redacted*, request: "POST / HTTP/1.1", upstream: "http://[::1]:1234/", host: "*redacted*"
Here's my code just in case I did something wrong here that somehow only affects nginx:
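import java.io.File;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.file.Files;

private static InputStream upload(File file) throws Exception {
    HttpURLConnection httpURLConnection = (HttpURLConnection) new URL("*redacted*")
            .openConnection();
    httpURLConnection.setDoOutput(true);
    httpURLConnection.setRequestProperty("content-length", String.valueOf(file.length()));
    httpURLConnection.setRequestProperty("content-type", "application/java-archive");
    httpURLConnection.setRequestMethod("POST");
    // Stream the file into the request body, then close it to finish the request.
    OutputStream outputStream = httpURLConnection.getOutputStream();
    Files.copy(file.toPath(), outputStream);
    outputStream.close();
    // Reading the response is what triggers the "Premature EOF" above.
    return httpURLConnection.getInputStream();
}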
I have finally found the solution to the infuriating issue. Turns out that nginx does some weird shit and I had to change the server's code (receiving the file) to send its response only after the server had closed the output stream. I was sending a response back to the client before and I guess nginx saw that and closed the connection.
I am using the nginx lua docker image firesh/nginx-lua:alpine-3.4, and I tried to use an environment variable in the nginx.config file. Below is the configuration in /etc/nginx/nginx.conf.
user nginx;
env ES_USERNAME;
env ES_PWD;
worker_processes 1;
events {
    worker_connections 10240;
}
http {
    server {
        listen 8080;
        server_name localhost;
        set_by_lua $es_username os.getenv("ES_USERNAME");
        set_by_lua $es_pwd os.getenv("ES_PWD");
        location /health {
            proxy_pass http://$es_username:$es_pwd#elk-es-http:9200/_cluster/health;
        }
        ...
After launching the container, I see this error in the log:
2021/11/18 01:07:14 [error] 6#6: *6 failed to load inlined Lua code: set_by_lua:1: unexpected symbol near '"http://"', client: 10.0.4.122, server: localhost, request: "GET /health HTTP/1.1", host: "10.0.2.170:8080"
The problem is that the URL after proxy_pass is not reading the variable from Lua. It treats the ${es_username} as a string rather than reading its value. What is the correct way to use that?
That sounds strange. I would rather expect that both the $es_username and $es_pwd variables will have an empty value. set_by_lua expects a function that should return a value, and yours returns nothing. The correct usage is
set_by_lua $es_username 'return os.getenv("ES_USERNAME")';
set_by_lua $es_pwd 'return os.getenv("ES_PWD")';
We are using this syntax in our nginx configuration:
set $logging 1;
if ( $bot_in_log = 0 ) {
    set $logging 0;
}
if ( $ip_in_log = 0 ) {
    set $logging 0;
}
access_log /var/log/nginx/access.log combined if=$logging;
error_log /var/log/nginx/error.log warn;
However, we receive these messages in our error.log from bad bot requests:
24946#24946: *26106 using uninitialized "logging" variable while logging request, client: 122.34.124.134, server: domain.com, request: "GET /index.html/bwd0GoD HTTP/1.1"
Do we need to set if=$logging; for the error_log as well to avoid these kinds of errors from showing up?
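An added example, not part of the original question: one way to avoid the uninitialized-variable warning is to derive $logging with map, which is evaluated when the variable is read and so has a value even for requests that end before the rewrite-phase set and if directives run. The definitions of $bot_in_log and $ip_in_log below are constructed stand-ins, assuming both are 0/1 flags as the question implies.

```nginx
http {
    # Constructed stand-ins for the question's variables (0 = do not log).
    map $http_user_agent $bot_in_log {
        default            1;
        "~*(bot|crawl)"    0;
    }
    geo $ip_in_log {
        default            1;
        192.0.2.0/24       0;   # documentation range used as a placeholder
    }

    # Combine both flags without "set"/"if". A map variable is computed
    # lazily at the moment access_log reads it, so it is never uninitialized,
    # including for malformed requests rejected before the rewrite phase.
    map "$bot_in_log:$ip_in_log" $logging {
        default   1;
        "~^0:"    0;   # bot flag is 0
        "~:0$"    0;   # IP flag is 0
    }

    # error_log takes only a file and a level; it has no if= parameter.
    error_log /var/log/nginx/error.log warn;

    server {
        listen 80;
        access_log /var/log/nginx/access.log combined if=$logging;
    }
}
```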
I wrote this /etc/nginx/conf.d/apply.conf and started nginx.
server {
    location = /hoge {
        return 200;
    }
}
but the curl command fails.
curl localhost:80/hoge
It says
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.13.9</center>
</body>
</html>
and the logs are
open() "/usr/share/nginx/html/hoge" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: "GET /hoge HTTP/1.1", host: "localhost"
I want to just return the status code without response body or with response body blank.
I changed to this but still not working.
location /hoge {
    return 200 'Wow';
    add_header Content-Type text/plain;
}
also tried this.
location /hoge {
    return 200 'Wow';
    default_type text/plain;
}
It is hard to say without context (what your entire nginx config file looks like), because of how nginx processes a request.
A config file like the following should work just fine for what you are looking for:
server {
    listen 80;
    location /hoge {
        return 200;
    }
}
However, if your config file has other location blocks (especially if they are regex based) then you may not get the expected solution.
Take an example of this config file:
server {
    listen 80;
    location /hoge {
        return 200;
    }
    location ~* /ho {
        return 418;
    }
}
Sending a request to curl localhost:80/hoge would return an HTTP status code 418 instead of 200. This is because the regex location matched before the exact location.
So, the long answer is: it is hard to tell without the context of the whole nginx conf file that you are using. But understanding how nginx processes a request will get you to the answer.
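An added example, not from the original answer, showing how the location modifiers decide whether a regex location such as the answer's ~* /ho can take over a request. The /hoge/static/ path, the 204 status and the response bodies are constructed for illustration.

```nginx
server {
    listen 80;

    # "=" exact match: tested first. A request for exactly /hoge stops here
    # and regex locations are never consulted.
    location = /hoge {
        return 204;   # status only, empty body
    }

    # "^~" prefix: when this is the longest matching prefix, nginx skips
    # the regex locations entirely, so ~* /ho below cannot override it.
    location ^~ /hoge/static/ {
        return 200 "handled by the ^~ prefix\n";
    }

    # Plain prefix: nginx remembers the longest match but still goes on to
    # test regex locations; it is used only if no regex matches.
    location /ho {
        return 200 "handled by the plain prefix\n";
    }

    # Regex locations are tested in file order and the first match wins.
    # This one takes any URI containing "/ho" that was not already claimed
    # by the "=" or "^~" locations above, e.g. /hoge/other.
    location ~* /ho {
        return 418;
    }
}
```

The same ordering matters for access rules: a deny placed in a plain prefix location does not apply to a request that a later regex location ends up handling.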
I have the following structure I am working with for NGINX
/etc/nginx
- nginx.conf
- conf.d
    - a.conf-disabled (I appended 'disabled' so it won't be used)
    - b.conf-disabled (I appended 'disabled' so it won't be used)
- sites-available
    - a
    - b
- sites-enabled
    - a (sym link to sites-available/a)
    - b (sym link to sites-available/b)
The nginx.conf file looks like the following:
worker_processes 4;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
The a file in sites-available looks like the following:
server {
    listen 80;
    server_name a;
    location /a/ {
        proxy_pass http://172.17.0.20:5678/;
    }
}
and the b file in sites-available looks like the following:
server {
    listen 80;
    server_name b;
    location /b/ {
        proxy_pass http://172.17.0.20:5678/;
    }
}
I am aware these are pointing at the same address, I am just using it because I want to be able to test /a and /b separately.
The problem I am having is that only /a will work and /b fails. If I remove a, then /b works fine.
For example:
curl -X GET http://container-ip/a/ -> WORKS FINE
curl -X GET http://container-ip/b/ -> DOESN'T WORK
I ran logs and it's not complaining about anything, but does fail with this when I try to hit /b.
2015/07/13 04:51:59 [error] 235#235: *58 "/etc/nginx/html/b/index.html" is not found (2: No such file or directory), client: 10.0.2.2, server: , request: "GET /b/ HTTP/1.1", host: "localhost:8181"